EDD in banking involves gathering information in order to verify the identity of customers and calculate the exact level of money laundering risk each customer poses. During the EDD process, the customer is asked for a much greater amount of information than they are during the CDD process, as this information can be used to mitigate the risks involved.
September 19th, 2022
ShareLove this blog? Why not share it with the world?
Due diligence is the process banks follow when they verify the identity of their customers and ensure that these customers are not involved with money laundering and financial crime. When carrying out due diligence, a bank must:
While the majority of customers will be subjected to a standard level of customer due diligence (CDD), high-risk individuals will go through an enhanced due diligence (EDD) process that is more rigorous and helps mitigate risk.
EDD in banking is an essential part of the KYC compliance process. It involves gathering information in order to verify the identity of customers and calculate the exact level of money laundering risk each customer poses. During the EDD process, the customer is asked for a much greater amount of information than they are during the CDD process, as this information can be used to mitigate the risks involved.
In general, when carrying out EDD in banking, the Financial Action Task Force (FATF) recommends a risk-based approach whereby “the amount and type of information obtained, and the extent to which this information is verified, must be increased where the risk associated with the business relationship is higher.”
Practical steps for EDD in banking suggested by FATF include:
FATF then recommends that the bank implements a risk-based monitoring strategy that can be used to catch suspicious activity or changes in that customer’s risk profile.
There are several differences between customer due diligence and enhanced due diligence. Firstly, CDD and EDD are different tiers of the KYC process. While CDD involves identifying the customer by checking the data provided against databases and verifying the customer’s identity, EDD in banking goes much further.
Reserved for customers who are deemed to be high risk (such as politically exposed persons and individuals who are subject to sanctions), EDD adds additional steps to the due diligence process. On top of this, customers are required to provide a lot more information.
EDD in banking is far more rigorous than CDD and it’s also much more time consuming for the customer and the bank to carry out.
The exact EDD process varies depending on the jurisdiction the bank operates in, but recommendations from FATF suggest that banks should look to verify the client’s source of funds, put ongoing checks in place that can spot suspicious transactions, screen for adverse media, and keep detailed records of the decision-making process.
According to FATF guidelines, three factors must be evaluated when assessing the risk of corruption-related money laundering. These are:
EDD processes should be carried out for all high-risk customers. These are customers that pose high money laundering or terrorist financing risks and present increased exposure and risks to banks as a result.
How the level of risk posed by each customer is calculated can vary on a case-by-case basis. However, popular variables to consider when creating customer risk profiles include the jurisdiction the customer is based in, the services the customer is attempting to access, and the nature of the customer themselves.
When determining whether EDD processes are necessary, you need to consider whether any of the following risk factors apply:
The enhanced due diligence process can be quite complex. Due to this, it’s best to break it down into stages. With this in mind, here’s a step-by-step guide explaining how to conduct enhanced due diligence:
Following FATF recommendations, you should employ a risk-based approach to CDD and EDD in banking.
Although you require additional information from some high-risk customers, there’s no need to treat every individual in the same manner, so you should tailor your approach on a case-by-case basis. To do this, you should assign each client a risk level or risk score and then carry out the appropriate checks.
How to decide which pieces of information you should ask for should be detailed in your company’s AML compliance policy.
Next, you should obtain the additional information you require from your customer. Some of this information may come directly from the customer, while other pieces of information will come from third parties.
If the customer is a politically exposed person, you may ask them for information regarding their title, the positions they hold in a business, and the influence they have. Alternatively, if the client is a business, you may ask them for the identities of board members or articles of incorporation, partnership agreements, and business certificates.
Now you must obtain information that will indicate the origin of your customer’s wealth. In carrying out this part of the process, you need to compare the value of your client’s non-financial and financial assets with that of their real assets to make sure that these figures match. If you spot inconsistencies between their net worth, wealth source, or earnings, then these must be investigated further.
You must also establish the ultimate beneficial ownership of your client’s organization and ensure you’ve verified the identity of this owner.
Next, you must analyze your client’s transaction history, including:
During this stage, you should look for any inconsistencies between the projected value of goods and services and the amount paid or received. Mismatches could suggest money laundering.
Negative news reports about your client can tell you more about their track record and reputation. If you can use these reports to establish that the client has been involved in committing financial crimes before, then this is a big red flag.
If you remain unsure about the level of risk a client poses you can also choose to visit them. In doing so, you can verify that their physical business address matches the information they’ve provided.
Similarly, with an on-site visit, you can obtain physical documents from a client, rather than relying on digital copies.
Once you’ve completed all the above steps, you can make a measured decision about the level of risk a client poses. If you decide that this risk level is manageable, you can then develop an ongoing monitoring strategy that you can put in place to help you monitor their transactions and activities.
To create an effective strategy, you must review their transactions in line with the data and information they’ve already provided. Certain transactions may not seem suspicious in isolation, but may form part of a continuous pattern of activities that indicate illicit activity when viewed as a whole.
Finally, you should write a report that details your EDD plans.
Within the report, you should include a timetable that indicates when you will carry out the specific monitoring activities you created in the step above, as well as a rundown of how you made the decision to onboard them. You should also include copies of all the pieces of information you’ve obtained. The report should then be stored in a secure location, in case regulators ask to see it in the future.
The customer due diligence process must be carried out for every new customer a bank takes on. Ongoing monitoring must then also be carried out.
However, a bank must use enhanced due diligence procedures if they are doing business with any of the following organizations or individuals:
If you’re interested in learning more about EDD in banking, then get in touch with our due diligence experts today.
Here at Veriff, we’ve created a number of class-leading customer due diligence solutions that can streamline the process, improve decision-making, and reduce friction. Our AML and KYC compliance solution can be used to verify the identity of customers, screen them against PEP and sanctions watchlists, and check for adverse media. It can then even provide ongoing monitoring.
To discover more about how we can help you, book a free and personalized demo with the team today.
When carrying out due diligence, a financial institution must determine whether they should perform customer due diligence (CDD) or enhanced due diligence (EDD). This is because FATF guidance suggests that companies should adopt a risk-based approach to due diligence that reflects the specific level of risk that each individual customer presents.
Synthetic fraud is incredibly dangerous and is a major problem facing the financial sector. Unlike third-party fraud, where an entire identity is stolen and used to defraud enterprises and victims, synthetic fraud frequently has no specific consumer victim.
The techniques used by fraudsters are becoming increasingly complex. This means that there are now multiple ways a fraudster can take control of an account. The types of account takeover fraud chosen by the attacker will depend on their goal and the resources they have available.